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PATENT 



REMARKS/ARGUMENTS 

I. Status of the Claims 

Prior to entry of this amendment, claims 1-12, 14-27, 29-34 and 36-46 are 
currently pending. An office action mailed September 27, 2006 rejected claims 1-12, 14-27, 29- 
34 and 36-45 under 35 U.S.C. § 103(a) as being unpatentable over USP 6,968,503 to Chang et al. 
(hereinafter, "Chang"), in view of USP 6,986,138 to Sakaguchi et al. (hereinafter "Sakaguchi"). 
The office action also rejected claim 46 under § 103(a) as being unpatentable over the 
combination of Chang and Sakaguchi, in further view of USP 6,457,066 to Mein et al. 
(hereinafter, Mein"). This amendment amends claims 34 and 36-39, and neither adds, nor 
cancels any claims. Hence, after entry of this amendment, claims 1-12, 14-27, 29-34 and 36-46 
will remain pending for examination. 

II. Claim Amendments 

Claims 34 and 36-39 have been amended for consistency with claim 33, from 
which they depend. 

in. Claim Rejections under 35 U.S.C. §103 

The office action rejected claims 1-12, 14-27, 29-34 and 36-45 under § 103(a) as 
being unpatentable over the combination of Chang and Sakaguchi. However, for at least the 
reasons discussed below, the combination of Chang and Sakaguchi fails to teach or suggest each 
element of even independent claims 1, 22 and 33. Accordingly, these claims are believed to be 
allowable over the cited combination. Claims 2-12, 14-21, 23-27, 29-32, 34 and 36-45 are 
believed to be allowable at least by virtue of their dependence from allowable base claims. 

Consider, for example, claim 1. In rejecting claim 1, the office action relies 
principally on Chang. However, as pointed out in the amendment filed June 23, 2006, Chang 
fails to disclose multiple elements of claim 1, Specifically, Chang fails to teach or suggest, inter 
alia, "an access management system accessing a template that indicates parameters for defining 
workflows," as recited by claim 1. Nor does Chang teach or suggest "creating a definition of a 
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first workflow for managing at least one identity of at least one entity, based on said template," 
also as recited by claim 1 . The office action admits that Chang fails to disclose an access 
management system, but it asserts that columns 21-29 of Chang disclose both accessing a 
template that indicates parameters for defining workflows and creating a definition of a first 
workflow for managing at least one identity of at least one entity, based on a template. The 
disclosure in those columns, however, has nothing to do with either of the claimed elements. 
Rather, those columns simply describe various XML tags that are available in the system of 
Chang. In particular, the cited portion of Chang not fails to disclose creating a workflow 
definition from a template, it fails even to disclose a workflow template itself. 

Indeed, Chang teaches that the workflows executed by the workflow server are 
defined by the commands entered by the user. See Chang, c. 1, 11. 61-67 ("The Workflow Server 
passes a user command to an XML Execution Engine, accesses an XML namespace to determine 
how to execute said command, executes said command, accessing a database, if necessary, and 
returns an XML document back to user for display on the user's web browser . . . ." (emphasis 
added). Admittedly, Chang does mention the word "template" and discloses a tag that "returns 
template related information." (Col. 21, lines 59-67) However, the "templates" referred to in 
Chang are XSL templates (col. 6, lines 1-5) for identifying a stylesheet to be used to display the 
workflow results to the requesting user via his browser (col. 3, line 62 - col. 4, line 4). They are 
not workflow definition templates, however, and as such, are of no relevance to claim 1 . In other 
words, Chang's "TEMPLATE-TAG" does not relate to a template that indicates parameters for 
defining workflows. Accordingly, Chang fails to teach or suggest multiple elements for which it 
is cited. 

Moreover, Sakaguchi does not, as the office action posits, teach or suggest an 
access management system. In arguing that Sakaguchi teaches this element, the office action 
misstates the language of that claim. Specifically, the office action states that "Sakaguchi 
teaches an access management system comprising an identity system for managing identity 
profiles, and an access system for providing security of resources across one or more servers . . . 
." Office Action, at 3. The claim, however, recites that the "access management system 
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compris[es] identity system for managing identity profiles and an access system for providing 
security of resources across one or more web servers " (emphasis added). 

This oversight is critical, because Sakaguchi, to the extent it teaches any access 
management at all, teaches only the management of access to the workflows themselves, not to 
any web servers. For example, the office action posits that column 7, lines 31-48 and column 12, 
lines 61-67 of Sakaguchi teach the recited access management features. Those passages, 
however, clearly teach only the control of access to information about the workflow itself. The 
passage in column 12, for instance, specifically states, "Next, it is checked if the corresponding 
virtual node to the obtained node has an access right to the progress information (step 1008). . . . 
If the virtual node has an access right, the obtained virtual workflow node ID is made to be the 
progressing stated that is processed result (step-1010)." Sakaguchi, col. 12, 11. 61-67. Similarly, 
the passage in column 7 discloses that "[t]he display right 3361 stores the presence or the 
absence of the operation right of publication of the virtual workflow node to a user (client). The 
inquiry right 3381 stores the presence or the absence of the operation right of the inquiry on the 
progress of the node by the user. The input right 3391 stores the presence or the absence of the 
operation right of the execution information input at the node." Id., col. 7, 11. 37-42. Clearly, 
neither of these passages teach an access management system that "provid[es] security of 
resources across on or more web servers," as recited by claim 1. 

Hence, neither Chang nor Sakaguchi teaches or suggests the access management 
system recited by claim 1, so even if those references did happen to teach the other elements of 
claim 1 (which they do not), claim 1 still would be allowable over the combination of Chang and 
Sakaguchi. 

Moreover, the office action has shown no motivation or suggestion to combine 
the references, as required for a proper rejection under § 103(a). See MPEP § 2142. The office 
action states that "[i]t would have been obvious ... to combine the teachings of Chang regarding 
a workflow server with the teachings of Sakaguchi regarding managing access in a workflow 
system because different users may require different levels of access to a workflow." Office 
Action, at 3. Assuming this statement is true, it provides no motivation to combine Chang with 
Sakaguchi, since Chang already provides access management for workflows. For example, 
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column 21, lines 9-18 of Chang describes an access matrix that defines access rights to various 
workflow components. Because Chang already provides for workflow access management (but 
not, it should be noted, security for any web servers), there is no motivation or suggestion to 
combine Sakaguchi with Chang to provide this functionality. 

Accordingly, even if Chang and Sakaguchi did teach each element of claim 1 
(which, for at least the reasons noted above, they do not), Chang and Sakaguchi still could not be 
combined to establish a prima facie argument that claim 1 is unpatentable. 

Claims 22 recites a processor readable storage device with processor readable 
code executable by an access management system, and claim 33 recites an access management 
system. Claims 22 and 33 each include elements substantially similar to those recited by claim 
1, and they are believed to be allowable for at least similar reasons. Dependent claims 2-12, 14- 
21 and 40-46 ultimately depend from claim 1, while claims 23-27 and 29-32 each ultimately 
depend from claim 22, and claims 34 and 36-39 each depend, either directly or indirectly, from 
claim 33. These dependent claims are believed to be allowable at least by virtue of their 
dependence from allowable base claims. 

In addition, however, several of the dependent claims recite additional novel 
features not taught or suggested by any of the cited references. Merely by way of example, 
claim 40 recites "wherein the workflow performs a task selected from the group consisting of: 
creating a user, deleting a user, subscribing a user to a group, enrolling a certificate, renewing a 
certificate, revoking a certificate, and changing a user attribute." The office action cites lines 50- 
67 of Chang as teaching this element. That passage, however, teaches none of these operations. 
Instead, the cited passages teaches merely the setting of a context for each request. (It should be 
noted, for example, that Chang does not teach creating a user, because, as noted in prior 
amendments, Chang does not teach user management - instead, Chang merely describes a 
workflow for managing a patient's treatment, and the patient cannot be considered a user of any 
computer system associated with Chang.) 

Nor does Chang teach the elements of claim 43, which recites, inter alia, "a client 
program performing one or more of the actions." Chang clearly teaches that the "workflow 
system" performs the requested actions. See Chang, col. 1, lines 53-67. The office action cites 

OID-2005-162-01 Page 16 of 17 



Appl. No. 09/998,910 PATENT 

Amdt. dated December 27, 2006 

Reply to Office Action of September 27, 2006 

Fig. 2, which does show a client browser, but neither Fig. 2 nor the associated description 
provides any disclosure that the client browser might perform any workflow actions. Similarly, 
because Chang fails to teach a client program performing any actions, it necessarily fails to teach 
the elements of claim 44, which recites, inter alia, "upon completion of the one or more actions, 
the client program invoking the callback URL." 

For at least these additional reasons, claims 40, 43, 44, and 45 are believed to be 
allowable over the cited combination of Chang and Sakaguchi 

Claim 46 was rejected under § 103(a) as being unpatentable over Chang and 
Sakaguchi, in view of Mein. Mein, however, fails to correct the deficiencies of Sakaguchi and 
Chang, as described above. Hence, because claim 46 ultimately depends from claim 1 , it is 
believed to be allowable at least because of that dependence. 

CONCLUSION 

In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 303-571-4000. 

Dated: December 27, 2006 Respectfully submitted, 



/Chad E. King/ 
Chad E. King 
Reg. No. 44,187 
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